Malware Disguised as Panda Anti Virus Software

By Nick Clayton

Panda Security is warning of a nasty new trick by malware authors. The Bilbao, Spain-based anti-virus (AV) company says its Panda Cloud AV branding is being used to disguise a particularly malicious piece of rogueware. Victims think they are downloading an anti-virus program, but in fact they are doing the opposite and installing a trojan, explains Infosecurity.

The trojan in question is DarkAngle, and it does all the nasty things we have come to expect. “This Trojan is designed to steal every piece of information you can have in your computer,” PandaLabs technical director Luis Corrons told Infosecurity. “It can even use the computer’s webcam and microphone to record video and audio and send it to the cybercriminals. Not only that, it can download and install new pieces of malware.” “Nothing unusual about this,” he blogged elsewhere, “just one more to add to the more than 73,000 new viruses that appear every day.”

But it does do a bit more. It has its own evasion techniques, can kill processes and reloads itself on reboot, making it particularly persistent. It also adds over 20Mb of junk data to itself to help avoid cloud scanning (since malware is rarely so large, some AVs don’t scan such large files).

According to Infosecurity, Panda believes the trojan has been created by Chinese cybercriminals. It does not spread by itself, but relies on tricking people into downloading it. Mr. Corrons’ recommendation is for anybody downloading any software to go to the website of the developer, rather than relying on an untrusted source.

About Tech Europe

Tech Europe covers Europe’s technology leaders, their companies, and the people and industries that support them — and their ideas. The blog is edited by Ben Rooney, with contributions from The Wall Street Journal and Dow Jones Newswires.